package cn.yyt.yytravel.base.security;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.web.cors.CorsConfiguration;
import org.springframework.web.cors.CorsConfigurationSource;
import org.springframework.web.cors.UrlBasedCorsConfigurationSource;

@Configuration
public class SpringSecurityConfig extends WebSecurityConfigurerAdapter {

    @Autowired
    CustomAuthenticationSuccessHandler  customAuthenticationSuccessHandler ;
    @Autowired
    CustomAuthenticationFailureHandler customAuthenticationFailureHandler;
    @Autowired
    SelfAuthenticationProvider provider;
    @Autowired
    CustomAuthenticationEntryPoint costomAuthenticationEntryPoint;
    @Autowired
    CustomAccessDeniedHandler customAccessDeniedHandler;

    // 自定义认证提供器,在认证过程中,会调用此认证提供器进行认证
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.authenticationProvider(provider);
    }

    // 配置安全拦截配置,配置拦截器和处理器
    @Override
    protected void configure(HttpSecurity http) throws Exception {

        http.csrf().disable() // 禁用CSRF保护
                .httpBasic() // 配置HTTP基本认证
                .and()
                .authorizeRequests() // 配置请求授权
                .antMatchers(
                        "/doc.html",
                        "/**/*.js",
                        "/**/*.css",
                        "/swagger-resources",
                        "/v2/api-docs",
                        "/yyt/user/save"
                ).permitAll() // 对指定的资源不进行权限检查，允许所有用户访问
                .anyRequest().authenticated() // 对其他所有请求要求用户必须认证通过
                .and()
                .formLogin() // 配置表单登录  默认拦截登录请求地址为/login
                .successHandler(customAuthenticationSuccessHandler) // 设置登录成功处理器
                .failureHandler(customAuthenticationFailureHandler) // 设置登录成功处理器
                .permitAll() // 允许所有用户进行登录尝试
                .and()
                .exceptionHandling() // 当用户尝试访问没有权限的资源时，调用自定义的权限拒绝处理器
                .accessDeniedHandler(customAccessDeniedHandler)
                .authenticationEntryPoint(costomAuthenticationEntryPoint) //设置访问拒绝处理器
                .and()
                .cors() // 配置跨域请求
                .configurationSource(corsConfigurationSource()) // 设置跨域配置源
        ;
    }
    private CorsConfigurationSource corsConfigurationSource(){
        CorsConfiguration corsConfiguration = new CorsConfiguration();
        corsConfiguration.setAllowCredentials(true);
        corsConfiguration.addAllowedHeader("*"); // 这个得加上，一些复杂的请求方式会带有header，不加上跨域会失效。
        corsConfiguration.addAllowedMethod("*");
        corsConfiguration.addExposedHeader("*");
        corsConfiguration.addAllowedOriginPattern("*");
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**",corsConfiguration);
        return source;
    }
}